Cybersecurity: Top Trends for 2019
The coming year promises to be a critical one for cybersecurity as new threats emerge and adversaries sharpen their game, while recent consolidation of federal-level efforts could help turn the tide, says Dr. William Butler, chair of the cybersecurity program at Capitol Technology University.
Butler sees several distinct trends developing as 2019 unfolds.
Stealthier adversaries. The Department of Justice moved against state-sponsored hackers in a big way during 2018 – and, in the process, demonstrated the U.S. government’s ability to track attacks to their source is far more robust than some may have realized. Adversaries have taken note and we can now expect more sophisticated tactics as they strive to remain incognito, often by commandeering the email accounts, credit cards and computers of unsuspecting computer users.
“We were able to trace the attacks all the way to the computers and actual users in Russia,” Butler says. “It became clear that not only do we have that ability, but that we’ve had it for some time.”
A better-coordinated cybersecurity effort. A new agency within the Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency, aims to consolidate efforts that were previously dispersed across different branches of the federal government. “They’re bringing resources and responsibilities together under one agency head and within one budget,” Butler says. “They’ll be able to co-ordinate the defense of our cyber infrastructure across many agencies. That’s important, because when you consolidate resources, you’re stronger.”
CISA will also be working to forge a common strategy between the government and the private sector, which have sometimes been at cross-purposes. “Most of our cyber infrastructure is in the private sector,” Butler says. “Part of the job, for the new agency head, is to show the private sector that it benefits them to adopt the same measures that government agencies are required to follow. Doing so may not contribute to the bottom line, but it protects a company’s brand and reputation, and it protects consumers.”
The Internet of Insecure Things. Consumers can be expected to continue enhancing their homes and lifestyles with IP-enabled devices, but haphazard security protections on many of these products are a boon to criminals. Although many newer products have been designed with cybersecurity in mind, legacy systems that are still in widespread use are chock full of vulnerabilities. Consumers, Butler says, should shop wisely and investigate the level of security built into devices they plan to purchase. “Every day you come across someone wanting to sell you a new device you can use in your home – it will talk to you, do things for you, make your life simpler. But will it also allow others to spy on your activities and steal your information?”
Privacy laws. In 2016, the EU adopted the General Data Protection Regulation (GDPR), a stringent set of rules requiring – among other things – organizations that collect or use personal data to first obtain informed consent. “It’s an opt-in system, as opposed to the opt-out approach we use in the United States,” Butler says. “We have a vast industry of data aggregators that gather our information and resell it, and up to now Congress has decided not to regulate it.”
That may be changing, though, with political momentum shifting towards consumer protection, and we’re likely to see growing calls for safeguards comparable to those in the EU, he says.
The promise of blockchain. A few years ago, most people associated the term “blockchain” with cryptocurrency, but the technology has a myriad of other uses, including secure storage of records and financial data. While blockchain isn’t 100% hacker-proof, the probability is low compared to other methods of storing information. “Blockchain is here to stay,” Butler says. “As use of the technology grows, certain problems are going to have to be addressed, such as interoperability. For example, what happens when there’s a merger between two organizations? They may find it hard to integrate the different distributed ledger systems.”
Cyber insurance. Given the number of companies and organizations that have been hit by damaging cyber breaches, it’s no surprise that many firms are looking for insurance that can cover recovery costs after an attack. “Cyber insurance is still in the early stages, but we’re seeing more and more insurers offering it,” Butler says. Being insured isn’t a license to skip on cybersecurity, though – insurers will demand that clients implement best practices and limit payments in case negligence is discovered, he warns.
Given these trends, a lot can be expected to happen in 2019 – though the same could be said nearly every year when it comes to cybersecurity, a field in which those defending critical assets are always seeking an edge against continually evolving threats. “Hackers are active 24 hours a day, seven days a week,” Butler says. “Being able to stay ahead of the adversary has always been a critical challenge for the cybersecurity profession, and that will continue to be the case going forward.”